Cookies Consent Management
Monthly
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).0.0 before 1.2.16. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module that allows unauthenticated remote attackers to inject and execute malicious scripts during web page generation. All versions from 0.0.0 before 1.2.15 are affected. The vulnerability has a high CVSS score of 8.6 with no authentication or user interaction required, enabling attackers to compromise confidentiality, modify page content, and degrade availability. The network-based attack vector and low complexity indicate this is likely actively exploitable in real-world deployments.
Stored/Reflected Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module (versions before 1.2.15) that allows unauthenticated attackers to inject malicious scripts into web pages due to improper input neutralization. The vulnerability has a CVSS score of 8.6 (High severity) with network-based attack vector requiring no privileges or user interaction, enabling attackers to compromise confidentiality, integrity, and availability of affected sites. No active KEV or widespread public PoC data is available in standard vulnerability databases, suggesting limited real-world exploitation at time of analysis, though the high CVSS and ease of exploitation (AV:N/AC:L/PR:N/UI:N) warrant immediate patching.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).0.0 before 1.2.16. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module that allows unauthenticated remote attackers to inject and execute malicious scripts during web page generation. All versions from 0.0.0 before 1.2.15 are affected. The vulnerability has a high CVSS score of 8.6 with no authentication or user interaction required, enabling attackers to compromise confidentiality, modify page content, and degrade availability. The network-based attack vector and low complexity indicate this is likely actively exploitable in real-world deployments.
Stored/Reflected Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module (versions before 1.2.15) that allows unauthenticated attackers to inject malicious scripts into web pages due to improper input neutralization. The vulnerability has a CVSS score of 8.6 (High severity) with network-based attack vector requiring no privileges or user interaction, enabling attackers to compromise confidentiality, integrity, and availability of affected sites. No active KEV or widespread public PoC data is available in standard vulnerability databases, suggesting limited real-world exploitation at time of analysis, though the high CVSS and ease of exploitation (AV:N/AC:L/PR:N/UI:N) warrant immediate patching.